Open redirect

cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi SEC-162...

CVE-2016-10769

cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi SEC-162...

CVE-2016-10769

CVE-2016-10769 affects cPanel before 60.0.25; it enables an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162). No exploitation details are provided in the connected docs beyond this, and the vulnerability is characterized as an open redirect. Remediation per the available references is to u...

CVE-2016-9493

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which m...

CVE-2016-9483

The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmgfilmandownload function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obta...

CVE-2016-9492

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PH...

CVE-2016-9492

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PH...

CVE-2016-9493

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which m...

CVE-2016-9484

The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any P...

CVE-2016-9482

Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to /admin.php?mod=admin&func=panel...

Path traversal

The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any P...

Input validation

The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmgfilmandownload function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obta...

Unrestricted file upload

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PH...

Cross site scripting

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which m...

Authentication flaw

Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to /admin.php?mod=admin&func=panel...

CVE-2016-9484

The CVE-2016-9484 vulnerability in PHP FormMail Generator arises from generated PHP form code that does not properly validate user-supplied folder directories, enabling a remote unauthenticated attacker to perform path traversal and access arbitrary files on the server. The issue affects PHP form...

CVE-2016-9482

CVE-2016-9482 affects the PHP FormMail Generator code; an unauthenticated remote user can bypass authentication and reach the administrator panel by accessing /admin.php?mod=admin&func=panel. Documents consistently describe an authentication bypass in the code generated by PHP FormMail Generator....

CVE-2016-9482 PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to authentication bypass

Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to /admin.php?mod=admin&func=panel...

CVE-2016-9483 PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to unsafe deserialization of untrusted data

The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmgfilmandownload function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obta...

CVE-2016-9492

CVE-2016-9492 concerns PHP FormMail Generator-generated forms prior to 2016-12-17. The vulnerability arises from a hard-coded list of dangerous file extensions in form.lib.php, which does not cover all PHP file variations. This can allow unrestricted upload of dangerous file types and, if the upl...